@GramrgednAngel @Violinknitter @cavyherd
The #CrowdStrike update was pushed on Thursday, Austin Texas (where the company is located) time.
Heh! You can add doing database work with an actual database application, instead of with Microsoft Excel, to your list of objections to nail to the church door.
There are people who would use Excel to hammer such a nail in.
(-:
That's skewing what's average by excluding a fair whack of people. People who work for companies/institutions are PC users, too. And it's not even that all of them have one PC for work and another PC for personal use.
They were, inasmuch as there were people with company/instutition-issued PCs working from home, or away from the office, with #CrowdStrike as the institutional anti-malware software.
As long as everyone remembers that it's also a Linux security product.
All of the Linux people being smug don't know that #CrowdStrike's Falcon Sensor has a Linux version, that integrates into the kernel, and has "channel files" too. They have escaped through accident, not by dint of any inherent superiority. In another universe where Linux systems were instead deployed in the many businesses/public services/governments with CloudStrike as the common anti-malware choice, today would have been Linux panic day. https://crowdstrike.com/press-releases/crowdstrike-falcon-expands-linux-protection-with-enhanced-prevention-capabilities/ #NeverWindows11 #MO821132
It was Thursday in Austin Texas (which is UTC-06:00) when #CrowdStrike deployed this. Everyone who you see pulling out the old adage about deploying on Fridays is another person who hasn't read the recommended snapshot rollback time (04:09 UTC).
Personally, I think that it highlights the foolishness of, when the problem is unknown softwares being sneakily installed/downloaded and run on one's servers, solving the problem by *automating* hidden downloads of softwares to run on one's servers, by third party vendors, in kernel space no less.
I saw one poster several hours ago write about immutable operating systems, and that seems to be the right thing to be thinking about.
In fairness, the "personal devices" being used as ad-hoc backup systems that I've had reported to me by friends and relatives were pencil and paper. (-:
Not only the site root, but also many of the press releases.
@[email protected] It's an interesting thought, but Brody Nisbet called it a "channel file" and the basename wildcard to match is "C-00000291*.sys" so it might not even be code. In the meantime, as the world tries to find out what "channel files" are in CrowdStrikeSpeak, enjoy the irony of this press release. https://crowdstrike.com/press-releases/falcon-filevantage-pinpoints-adversary-activity-through-file-integrity-monitoring/ #NeverWindows11 #MO821132 #CrowdStrike
@wisteela was just explaining that to me yesterday, and my reaction:
@wisteela Sod that for a lark! Although by many reports there are ways around that. #Windows11 #NeverWindows11
JdeBP